vSphere Client must disable the shutdown port.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239770 | VCFL-67-000029 | SV-239770r679537_rule | Medium |
| Description |
|---|
| An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere Client through this port. To ensure availability, the shutdown port must be disabled. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide | 2021-03-18 |
Details
| Check Text ( C-43003r679535_chk ) |
|---|
| At the command prompt, execute the following command: # xmllint --format --xpath '/Server/@port' /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml Expected result: port="-1" If the output does not match the expected result, this is a finding. |
| Fix Text (F-42962r679536_fix) |
|---|
| Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor. Ensure that the server port is disabled as follows: |